EP1601215A2 - Wireless communication system and encryption control method - Google Patents

Publication number
EP1601215A2
EP1601215A2 EP04255896A EP04255896A EP1601215A2 EP 1601215 A2 EP1601215 A2 EP 1601215A2 EP 04255896 A EP04255896 A EP 04255896A EP 04255896 A EP04255896 A EP 04255896A EP 1601215 A2 EP1601215 A2 EP 1601215A2
Authority
EP
European Patent Office
Prior art keywords
mobile terminal
encryption
terminating
originating
wireless communication
Prior art date
Legal status
Withdrawn
Application number
EP04255896A
Other languages
English (en)
French (fr)
Inventor
Masayuki c/o Fujitsu Limited Hara
Current Assignee
Fujitsu Ltd
Original Assignee
Fujitsu Ltd

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption

Definitions

  • This invention relates to a wireless communication system and encryption control method to perform encryption of data in the wireless circuits of a wireless network, and in particular relates to a wireless communication system and encryption control method for performance of encryption processing between an originating mobile terminal and a terminating mobile terminal, and not in a wireless network control device (Radio Network Controller, RNC) when the originating mobile terminal (UE) and terminating mobile terminal (UE) are in the same network.
  • RNC Radio Network Controller
  • Fig. 12 summarizes the configuration of a wireless communication system, comprising an upper-level network (Core Network, CN) 1, wireless network control devices (Radio Network Controller, RNC) 2, 3, wireless base stations (NodeB) 4a through 4c and 5a through 5c, and mobile equipment (User Equipment, UE) 6.
  • the network comprising the RNCs in the CN and the plurality of NodeBs under the RNCs is called a UTRAN (UMTS Terrestrial Radio Access Network).
  • a MSC (Mobile Switching Center) 1a which performs call connection control, service control, position control and similar for user equipment, exists in the core network 1.
  • a UE and NodeB are connected by a Uu interface, and the physical bearer is wireless (wireless interval).
  • An Iub interface, Iu interface, and Iur interface are connected between a NodeB and RNC, RNC and CN, and RNC and RNC, respectively, and the physical bearer is wired (wired interval).
  • the direction of data flow from the CN to the UE is defined as the downlink (DL) direction, and the opposite direction, from the UE to the CN, is the uplink (UL) direction.
  • encryption is applied to user data between a UE and the UTRAN, to control information, and to TMSI (Temporary Mobile Subscriber Identity) information, which is a temporary user identifier, and similar.
  • TMSI Temporary Mobile Subscriber Identity
  • Fig. 13 explains a specific method of applying encryption; this is an example of an uplink (UL) in which encryption is applied to data in the UE transmission portion, and the data is decrypted in the receiving portion of the RNC (see for example Keiji Tachikawa, W-CDMA Mobile Communication System, Maruzen, June 25, 2001, pp. 156-157, Figs. 3-60, Tables 3-18).
  • An encryption processing portion CPH is configured similarly in the UE and UTRAN, and comprises an encryption code generation block 7 which uses encryption parameters to generate an encryption code (keystream block) KSB, and a computation portion 8 which computes the exclusive logical sum of the encryption code and the data for processing DT.
  • the encryption parameters necessary for encryption code generation are COUNT-C, BEARER, DIRECTION, LENGTH and CK, as shown in Fig. 14; using these encryption parameters, the encryption code KSB is generated according to the f8 algorithm (defined by 3GPP).
  • the same encryption parameters are used by the UE and UTRAN, and only COUNT-C changes according to conditions; the other parameters have fixed values.
  • COUNT-C is a 32-bit counter value
  • BEARER is a 5-bit bearer identifier
  • DIRECTION is a single bit indicating the transmission direction (UL or DL)
  • CK is a 128-bit secret key (encryption key)
  • LENGTH is the bit length of data to be ciphered. Counters are provided in both the UE and UTRAN, and count clock signals with the same period.
  • the encryption processing portion CPH on the transmission side performs ciphering of data by computing, in bit units, the exclusive logical sum of the encryption code KSB and the data portion (unciphered MAC SDU) DT which is to be encrypted, and transmits the ciphered data (ciphered MAC SDU) CDT.
  • the encryption processing portion CPH on the receiving side deciphers the data by computing, in bit units, the exclusive logical sum of the encryption code KSB and the received ciphered data (ciphered MAC SDU) CDT, and outputs the deciphered data (unciphered MAC SDU) DT.
  • Fig. 16 explains a simple encryption execution sequence for the DTCH of a CS (circuit switched service) call between a UE and the UTRAN (for example, an RNC); (1) due to the CS call, an RRC connection setup sequence between the UE and UTRAN is executed, and a signaling connection (DCCH) is established (S1), and (2) then, a UE-UTRAN wireless bearer setup sequence (DTCH setup sequence) is executed, to set up a voice call connection (S2).
  • DTCH is an individual traffic channel for data transmission/reception (dedicated traffic channel)
  • DCCH is an individual control channel for control information transmission/reception (dedicated control channel).
  • the COUNT-C parameter for CS calls uses an 8-bit CFN (Connection Frame Number) as the short-period sequence number.
  • the CFN takes values from 0 to 255, and is incremented in 10 ms cycles.
  • This short-period sequence number CFN and the long-period sequence number HFN are controlled so as to be the same values in the UE and UTRAN.
  • UTRAN sends a Radio Bearer Setup message to the UE.
  • the Radio Bearer Setup message comprises 1) ciphering mode info, specifying an encryption algorithm and similar, and 2) activation time, BEARER, and LENGTH, indicating the encryption initiation point (time of initiation of encryption).
  • transmission data is encrypted between the originating-side UE and RNC, and between the terminating-side UE and RNC. That is, the originating-side UE encrypts the data and sends the data to the originating RNC; the originating-side RNC decrypts the data and transmits the data to the receiving-side RNC; the terminating-side RNC again encrypts the data and transmits the data to the terminating-side UE; and the terminating-side terminal decrypts the data.
  • the reason for decryption by the originating-side RNC is that the encryption parameters used by the originating-side UE and RNC and the encryption parameters used by the terminating-side UE and RNC are different, so that if the originating-side RNC does not decrypt the data, decryption on the terminating side becomes impossible.
  • a fixed terminal has no decryption functions, so if the data is not decrypted by the originating-side RNC, a fixed terminal, upon receiving encrypted data, cannot perform decryption.
  • Fig. 17A explains encryption/decryption processing when an originating-side terminal (UE) and terminating-side terminal (UE) are both under the same RNC; the originating-side UE 6 uses the encryption parameters A to encrypt the data and transmits the data to the RNC 2 via the node (base station BTS) 4b, and the RNC 2 uses the encryption parameters A with the originating-side UE 6 to perform decryption. After this, the RNC 2 uses the encryption parameters B with the terminating-side UE 6' to encrypt the data and transmits the data to the terminating-side UE 6' via the base station BTS 4c, and the terminating-side UE 6' performs decryption using the encryption parameters B.
  • Fig. 17B explains encryption/decryption processing when the originating-side UE and terminating-side UE are both under the same MSC; the originating-side UE 6 uses the encryption parameters A to encrypt the data and transmits the data to the RNC 2 via the base station BTS 4b, and the RNC 2 uses the encryption parameters A with the originating-side UE 6 to perform decryption and transmits the data to the terminating-side RNC 3.
  • the terminating-side RNC 3 uses the encryption parameters B with the terminating-side UE 6' to encrypt the received data and transmits the data to the terminating-side UE 6' via the base station BTS 5c, and the terminating-side UE 6' uses the encryption parameters B to perform decryption.
  • encryption/decryption processing of user data must be performed four times, and moreover RNCs perform encryption/decryption processing two out of these four times, so that the burden on the RNCs is increased and the number of channels (number of users) which can be accommodated is decreased. If user data is sent over different networks, RNCs must perform encryption/decryption processing; but if communication is between two UEs over the same network, there should be no need for intermediate equipment to perform encryption/decryption processing.
  • This invention was devised in light of these problems, and has as an object elimination of the need for an RNC to perform encryption/decryption processing when the originating terminal and terminating terminal are both in the same network.
  • Another object of this invention is the ability for the originating terminal and terminating terminal to each perform encryption/decryption processing of user data one time each, for a total of two times, when both the originating terminal and the terminating terminal are in the same network, so that the burden on RNCs can be alleviated and the number of channels (number of users) accommodated can be increased.
  • an encryption control method in a wireless communication system in which encryption parameters are used to encrypt data in wireless communication, and the encryption parameters are used to perform decryption.
  • a first encryption control method has a step of judging whether the originating mobile terminal and terminating mobile terminal exist in the same network; a step, if they exist in the same network, of passing data through the network-side equipment without performing encryption/decryption processing; and a step of performing encryption/decryption processing only at the originating mobile terminal and the terminating mobile terminal.
  • a second encryption control method has a step of making encryption parameters in the originating mobile terminal identical with the encryption parameters in the terminating mobile terminal; a step of having the originating mobile terminal perform data encryption processing using the encryption parameters; and a step of having the terminating mobile terminal perform decryption processing of the received data using the encryption parameters.
  • a third encryption control method has a step of judging whether the originating mobile terminal and terminating mobile terminal exist in the same network; and a step, if they exist in the same network, of decrypting the encryption performed by the above originating mobile terminal, not in a network-side device, but in the terminating mobile terminal.
  • a wireless communication system in which encryption parameters are used in wireless communication to encrypt data, and the encryption parameters are used to decrypt the data.
  • This wireless communication system comprises control devices in a core network to judge whether an originating mobile terminal and terminating mobile terminal exist in the same network; wireless network control devices to pass data through, without performing encryption/decryption processing, when the originating mobile terminal and terminating mobile terminal exist in the same network; an originating mobile terminal which uses the encryption parameters to perform encryption processing of transmission data and which transmits the encrypted data; and a terminating mobile terminal which uses the encryption parameters to perform decryption of received data.
  • the wireless communication system comprises means for making the encryption parameters in the originating mobile terminal identical with the encryption parameters in the terminating mobile terminal.
  • when the originating mobile terminal and the terminating mobile terminal exist in the same network, the above control device of the core network generates an encryption key which is an encryption parameter and transmits the encryption key to the wireless network control devices on the originating side and on the terminating side; the originating-side and terminating-side wireless network control devices receive the encryption key and transmit the key to the originating mobile terminal and to the terminating mobile terminal respectively, so that the encryption parameters of the originating mobile terminal are identical with the encryption parameters of the terminating mobile terminal.
  • the originating-side and terminating-side wireless network control devices pass through data without performing decryption or encryption.
  • a network control device of this invention comprises means for judging whether an originating mobile terminal and a terminating mobile terminal exist in the same network; means for making the encryption parameters in the originating mobile terminal identical with the encryption parameters in the terminating mobile terminal, when the originating mobile terminal and the terminating mobile terminal exist in the same network; and means for passing data through without performing encryption/decryption processing, when the originating mobile terminal and the terminating mobile terminal exist in the same network.
  • the above objects are achieved by means of mobile terminals in a wireless communication system in which, upon wireless communication, encryption parameters are used to encrypt data, and the encryption parameters are used to decrypt the data.
  • the mobile terminals of this invention comprise means, upon call termination, when the mobile terminal exists in the same network as the originating mobile terminal, for making the encryption parameters identical with the encryption parameters of the originating mobile terminal; means for using the encryption parameters to generate an encryption code and for using the encryption code to decrypt data; and means for performing normal decryption when the originating mobile terminal and the terminating mobile terminal do not exist in the same network.
  • network-side devices pass data through without performing encryption/decryption processing, and encryption/decryption processing is performed only by the originating mobile terminal and by the terminating mobile terminal, so that the RNCs need not perform encryption/decryption processing, the burden on the RNCs is alleviated and the number of channels (number of users) accommodated can be increased.
  • Fig. 1 is a block diagram of a wireless communication system in a case in which an originating mobile terminal and a terminating mobile terminal exist in the same network; (A) is the case in which the originating mobile terminal (UE) 11 and terminating mobile terminal (UE) 21 exist in an area managed by the RNC 31, and (B) is the case in which the originating mobile terminal 11 and terminating mobile terminal 21 exist in an area managed by the MSC 41.
  • the MSC 41 makes reference to the destination telephone number comprised by the setup message input from the originating mobile terminal 11 at the time of call origination and to the location table holding telephone numbers of mobile terminals being managed, and investigates whether the terminating mobile terminal 21 exists within the same network as the originating mobile terminal 11. If the originating mobile terminal 11 and terminating mobile terminal 21 exist in the same network and, as shown in (A), they are managed by the same RNC 31, the MSC 41 notifies the RNC 31 of this fact, and the RNC 31 makes the encryption parameters of the originating mobile terminal 11 identical with those of the terminating mobile terminal 21. The originating mobile terminal 11 uses the encryption parameters to perform encryption of the transmission data, which is input to the RNC 31 via the base station BTS 51.
  • the RNC 31 transmits the received information unmodified, without performing decryption, to the terminating mobile terminal 21 via the terminating-side base station BTS 52.
  • the terminating mobile terminal 21 uses the same encryption parameters as the encryption parameters of the originating mobile terminal to perform decryption of the received data.
  • encryption control similar to that described above is performed.
  • the MSC 41 notifies the RNCs 31, 32 on the originating and terminating sides of this fact, and cooperates with the RNCs 31, 32 to make the encryption parameters of the originating mobile terminal 11 identical with those of the terminating mobile terminal 21.
  • the originating mobile terminal 11 uses the encryption parameters to perform encryption processing of transmission data, and inputs the encrypted data to the originating-side RNC 31 via the base station BTS 51.
  • the originating-side RNC 31 does not perform encryption processing (decryption), but passes through the received data without modification, transmitting the data to the terminating-side RNC 32.
  • the terminating-side RNC 32 also does not perform encryption processing, but passes through the received data without modification, transmitting the data to the terminating mobile terminal 21 via the terminating-side base station BTS 52.
  • the terminating mobile terminal 21 uses the same encryption parameters as the encryption parameters of the originating mobile terminal to perform decryption processing of the received data.
  • encryption control similar to that described above is performed.
  • the RNCs 31, 32 pass data through without performing encryption processing, and encryption processing need only be performed by the mobile terminals 11, 21, so that the burden on the RNCs 31, 32 is alleviated, and the number of channels (number of users) which can be accommodated can be increased.
  • the encryption mechanism in a 3GPP system uses encryption parameters such as those shown in Fig. 14.
  • As explained in Fig. 1, if the originating mobile terminal (UE) 11 and terminating mobile terminal (UE) 21 use the same encryption parameters, normal decryption and communication are possible on the data receiving side without encryption/decryption processing by RNCs.
  • the encryption parameters of the originating mobile terminal (UE) 11 and the encryption parameters of the terminating mobile terminal (UE) 21 are made identical with each other, so that encryption/decryption processing by the RNCs 31, 32 is not necessary.
  • COUNT-C comprises a long-period SN (HFN) and short-period SN (CFN). If encryption/decryption processing is not performed by the RNCs 31, 32, but is performed only by the UEs 11, 21, then the two UEs must both use the same value of COUNT-C. The method used to synchronize COUNT-C is explained below.
  • the UEs 11, 21 notify the RNCs 31, 32 of the long-period HFNs through RRC Connection Setup Complete. Also, the RNCs 31, 32 notify the UEs 11, 21 (or, the UEs notify the RNCs) of the activation time (CFN), indicating the point of encryption initiation, in the Radio Bearer Setup (Complete) message.
  • the terminating-side UE 21 uses the same value of COUNT-C as the originating-side UE 11, so that encryption/decryption processing can be executed.
  • BEARER takes a value according to the service (voice, packet, or similar); for current setup methods, the same bearer is used on both the originating and terminating sides. Because the same service type setup is performed on both the originating and the terminating sides, the same value for LENGTH is similarly used on the originating and on the terminating sides.
  • the DCCH parameters (BEARER, LENGTH, activation time) are set by the RNC 31 in a security mode command message to the UE 11, and the DTCH parameters (BEARER, LENGTH, activation time) are set by the RNC 31 in a Radio Bearer Setup message to the UE 11.
  • the originating-side RNC 31 sets the parameters (BEARER, LENGTH, activation time) in the originating-side UE 11; the terminating-side RNC 32 similarly sets the parameters (BEARER, LENGTH, activation time) in the terminating-side UE 21.
  • DIRECTION indicates either the uplink or downlink direction, and again, the same value must be used on the originating and terminating sides.
  • the user data sent as an uplink by the UE 11 on one side is recognized as downlink data by the other UE 21, so that it may be necessary for the terminating-side UE 21 receiving the data to invert the uplink/downlink value for the received data. That is, when the terminating terminal 21 performs decryption, the direction should be inverted so that the DIRECTION parameter of the UE 21 is identical with that of the UE 11.
  • the encryption key CK (Confidential Key) is generated according to a prescribed algorithm using KSI.
  • KSI is an encryption key held in each mobile terminal UE.
  • the UE 11 sends an initial L3 message to the MSC 41, and the MSC computes CK according to a prescribed algorithm using the parameter KSI comprised by this message; the RNC 31 is notified of this CK by a security mode command message.
  • the UE 11 also computes CK using the same algorithm, so that the UE 11 and RNC 31 have the same value of CK.
  • the drawing shows a case in which CK is set in the originating-side RNC 31, but CK can also be set in the terminating-side RNC 32, so that the UE 21 and RNC 32 have the same value of CK.
  • the CK value held by both the UE 21 and RNC 32 differs from the CK value held by both the UE 11 and RNC 31. If the originating-side UE 11 and terminating-side UE 21 do not exist in the same network, these CK values are used in independent encryption/decryption processing on the originating side and on the terminating side. However, if the originating-side UE 11 and the terminating-side UE 21 exist in the same network, the CK value on the originating side and the CK value on the terminating side must be made identical with each other.
  • Fig. 4 is a sequence making a CK value on the originating side identical with a CK value on the terminating side.
  • the MSC 41 investigates whether the originating mobile terminal (UE) 11 and the terminating mobile terminal (UE) 21 exist in the same network (M-M telephone call judgment), by referencing the destination telephone number comprised by the SETUP message input from the originating mobile terminal 11. If it is judged that the originating mobile terminal 11 and terminating mobile terminal 21 exist in the same network, if for example both mobile terminals are under management of the same MSC 41 as shown in (B) of Fig. 1, the MSC 41 creates a new KSI value for a M-M telephone call, and notifies the RNCs 31, 32 on the originating and terminating sides that the call is an M-M telephone call and provides the newly created KSI value.
  • the RNCs 31, 32 on the originating and terminating sides upon receiving this notification, both set encryption/decryption to off (do not perform encryption/decryption processing), and notify the originating mobile terminal 11 and terminating mobile terminal 21 of the newly received KSI value.
  • the originating mobile terminal 11 and terminating mobile terminal 21 use the received KSI value to generate a CK value according to the same CK generation algorithm.
  • the CK values of the originating mobile terminal 11 and terminating mobile terminal 21 are made identical with each other.
  • Fig. 5 is another sequence for making a CK value on the originating side identical with a CK value on the terminating side.
  • the MSC 41 investigates whether the terminating mobile terminal 21 and the originating mobile terminal 11 exist in the same network, by referring to the destination telephone number comprised by the SETUP message input from the originating mobile terminal 11 (M-M telephone call judgment). If the originating mobile terminal 11 and terminating mobile terminal 21 exist in the same network, and if for example both are managed by the same MSC 41 as shown in (B) of Fig. 1, the MSC 41 notifies the originating-side RNC 31 of the fact that the call is an M-M telephone call.
  • the terminating-side RNC 32 upon receiving this notification, sets encryption/decryption to off (no encryption/decryption processing is performed), and notifies the terminating mobile terminal 21 of the newly created KSI.
  • the originating mobile terminal 11 and terminating mobile terminal 21 generate a CK value using the new received KSI according to the same CK generation algorithm.
  • the CK values of the originating mobile terminal 11 and of the terminating mobile terminal 21 are made identical with each other.
  • Fig. 6 explains the overall sequence.
  • the CK values are assumed to be generated according to Fig. 4.
  • the RRC connection setup sequence between the UE 11 and RNC 31 is executed, a signaling connection (DCCH) is established, and the UE 11 notifies the RNC 31 of the long-period HFN through RRC Connection Setup Complete.
  • the bearer setup sequence (DTCH sequence) between the UE 11 and RNC 31 is executed.
  • the UE 11 sends an initial L3 message to the MSC 41, the MSC computes the CK value using the KSI parameter comprised by this message according to a prescribed algorithm, and this CK value is sent to the RNC 31 in a security mode command message.
  • the UE 11 also computes the CK value using the same algorithm, so that the UE 11 and RNC 31 hold the same CK value.
  • the RNC 31 sets DCCH parameters (BEARER, LENGTH, activation time) in the UE 11 through a security mode command message.
  • When DTCH parameter setup is completed, the UE 11 sends a SETUP message to the MSC 41, and the MSC 41 references the destination telephone number comprised by the SETUP message and sends a paging message to the terminating-side RNC 32, upon which the RNC 32 performs paging.
  • the terminating mobile terminal (UE) 21 executes an RRC connection setup sequence with the RNC 32, establishes a signaling connection (DCCH), and notifies the RNC 32 of the long-period HFN through RRC Connection Setup Complete.
  • the bearer setup sequence (DTCH sequence) between the UE 21 and RNC 32 is executed.
  • the UE 21 sends an initial L3 message to the MSC 41, and the MSC 41 uses the KSI parameter comprised by the message to compute the CK value according to a prescribed algorithm, and sends the CK value to the RNC 32 through a security mode command message.
  • the UE 21 also uses the same algorithm to compute the CK value, so that the UE 21 and RNC 32 hold the same CK value.
  • the RNC 32 sets DCCH parameters (BEARER, LENGTH, activation time) in the UE 21 through a security mode command message.
  • the MSC 41 sends a SETUP message to the UE 21. Also, the MSC 41 analyzes the SETUP message received from the UE 11, and investigates whether the terminating mobile terminal (UE) 21 and originating mobile terminal (UE) 11 exist in the same network (M-M telephone call judgment). If the UEs 11, 21 exist in the same network (if for example both are managed by the same MSC 41 as in (B) of Fig. 1), the MSC 41 creates a new KSI for the M-M telephone call, and notifies the RNCs 31, 32 on the originating side and terminating side of the M-M telephone call, providing the newly created KSI.
  • the originating-side and terminating-side RNCs 31, 32 both set encryption/decryption to off (no encryption/decryption processing is performed), and notify the UEs 11, 21 of the new KSI value.
  • the UEs 11, 21 each use the new received KSI value to generate a CK value according to the same CK generation algorithm. By this means, the CK values of the UEs 11, 21 become identical.
  • the originating-side and terminating-side RNCs 31, 32 set the DTCH parameters (BEARER, LENGTH, activation time) in the UEs 11, 21 through Radio Bearer Setup messages.
  • the DTCH encryption parameters in the originating mobile terminal (UE) 11 are made identical with those in the terminating mobile terminal (UE) 21. Thereafter, the UE 11 uses the encryption parameters to generate an encryption code, encrypts transmission data using this encryption code, and transmits the encrypted data. On the other hand, the UE 21 uses these encryption parameters to generate the same encryption code, and uses this encryption code to decrypt received data.
  • Fig. 7 explains another overall sequence, in a case in which CK values are made identical in accordance with Fig. 5.
  • Fig. 8 explains encryption control of the UEs, RNCs and MSCs, and shows control related to the originating side; the configuration on the receiving side is similar.
  • The M-M telephone call judgment portion 41a of the MSC 41 analyzes the SETUP message, judges that the call is an M-M telephone call, and sends the judgment result to the new KSI generation portion 41b and to the encryption control portion 31a of the RNC 31.
  • The new KSI generation portion 41b generates a new KSI and sends it to the encryption control portion 31a of the RNC 31.
  • The encryption control portions 11a and 31a of the UE 11 and RNC 31 respectively acquire or generate encryption parameters according to the sequence of Fig. 6, and input the encryption parameters to the encryption code generation portions 11b, 31b; in addition, in the case of an M-M telephone call the encryption control portion 31a sets encryption/decryption to off, and otherwise sets encryption/decryption to on.
  • The encryption code generation portion 11b of the originating mobile terminal (UE) 11 uses the encryption parameters to generate an encryption code, and the encryption processing portion 11c uses this encryption code to encrypt transmission data, and transmits the data.
  • The encryption code generation portion 31b of the RNC 31 uses the encryption parameters to generate an encryption code, which is input to the encryption/decryption processing portion 31d, and the receiving portion 31c receives data from the UE 11 and inputs the data to the encryption/decryption processing portion 31d. If the call is not an M-M telephone call (encryption/decryption set to on), the encryption/decryption processing portion 31d uses the encryption code to decrypt the encrypted received data, and transmits the data to the transmission portion 31e. If, however, the call is an M-M telephone call (encryption/decryption set to off), the encryption/decryption processing portion 31d transmits the received data without modification to the transmission portion 31e, without performing decryption.
  • The receiving-side RNC uses the encryption code to perform decryption of the received data and transmits the data to the terminating mobile terminal (UE), whereas if the call is an M-M telephone call (encryption/decryption set to off), the received data is transmitted without modification to the terminating mobile terminal (UE), without performing decryption.
  • The terminating mobile terminal (UE) uses the encryption parameters to generate an encryption code, and uses this encryption code to decrypt the received data, which is output.
  • Fig. 9 shows the processing flow of the originating-side RNC 31.
  • All encryption parameters are acquired or generated according to the sequence of Fig. 6 (step 101).
  • A judgment is then made as to whether the call is an M-M telephone call and a new KSI has been received from the MSC 41 (step 102). If it is not an M-M call, encryption/decryption is set to on (step 103); the encryption parameters are then used to generate an encryption code, this encryption code is used to decrypt the data received from the originating mobile terminal 11, and the data is transmitted (step 104).
  • If in step 102 the call is judged to be an M-M telephone call, encryption/decryption is set to off (step 105).
  • The KSI received from the MSC 41 is transmitted to the originating mobile terminal (UE) 11 (step 106), and thereafter the count C1 encryption parameter is transmitted to the terminating-side RNC 32 (step 107). Thereafter, data received from the originating mobile terminal 11 is transmitted without modification, and without performing decryption (step 104).
  • Fig. 10 shows the processing flow of the terminating-side RNC 32.
  • Encryption parameters are acquired or generated according to the sequence of Fig. 6 (step 201). Then, a judgment is made as to whether the call is an M-M telephone call and a new KSI has been received from the MSC 41 (step 202); if not an M-M telephone call, encryption/decryption is set to on (step 203), and then the encryption parameters are used to generate an encryption code, the encryption code is used to encrypt the received data, and the data is transmitted to the terminating mobile terminal (UE) 21 (step 204).
  • If in step 202 it is judged that the call is an M-M telephone call, encryption/decryption is set to off (step 205).
  • The KSI received from the MSC 41 is transmitted to the terminating mobile terminal (UE) 21 (step 206), and the count C1 encryption parameter is received from the originating-side RNC 31 (step 207).
  • The terminating-side RNC 32 transmits data received from the originating-side RNC 31 without modification, and without performing encryption (step 204).
  • Fig. 11 shows the processing flow of the terminating mobile terminal (UE) 21.
  • Encryption parameters are acquired or generated according to the sequence of Fig. 6 (step 301).
  • A judgment is made as to whether the call is an M-M telephone call and whether a new KSI has been received from the RNC 32 (step 302); if not an M-M telephone call, normal decryption processing is executed (step 303).
  • The encryption parameters are the same in the originating mobile terminal 11 and in the terminating mobile terminal 21.
  • The terminating mobile terminal 21 uses these encryption parameters to generate an encryption code (step 307), and this encryption code is used to decrypt received data, which is output (step 308).
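
The RNC and UE flows of Figs. 9 to 11 can be traced with a small model. This Python sketch is an added illustration, not code from the patent: the keystream function is an HMAC-SHA256 stand-in rather than the system's real cipher, and the `Params` fields, key values and function names are assumptions. The case with encryption/decryption on at both RNCs is included only for comparison.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Params:
    """Encryption parameters; the field layout is an assumption."""
    key: bytes      # key material tied to the KSI (constructed value)
    count_c1: int   # count C1, passed from originating to terminating RNC

def encryption_code(p: Params, n: int) -> bytes:
    """Stand-in keystream (HMAC-SHA256, counter mode), not the real cipher."""
    out, block = b"", 0
    while len(out) < n:
        msg = p.count_c1.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(p.key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]

def crypt(data: bytes, p: Params) -> bytes:
    """XOR with the encryption code; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, encryption_code(p, len(data))))

def originating_rnc(rx: bytes, p: Params, is_mm: bool) -> bytes:
    # Fig. 9: M-M call -> off (step 105), forward unchanged; else decrypt.
    return rx if is_mm else crypt(rx, p)

def terminating_rnc(rx: bytes, p: Params, is_mm: bool) -> bytes:
    # Fig. 10: M-M call -> off (step 205), forward unchanged; else encrypt.
    return rx if is_mm else crypt(rx, p)

def call(plain: bytes, is_mm: bool, leg_a: Params, leg_b: Params, ue21: Params):
    """Return (data between the two RNCs, data output by terminating UE 21)."""
    on_air = crypt(plain, leg_a)                        # UE 11 encrypts
    between_rncs = originating_rnc(on_air, leg_a, is_mm)
    to_ue = terminating_rnc(between_rncs, leg_b, is_mm)
    return between_rncs, crypt(to_ue, ue21)             # UE 21 decrypts

VOICE = b"constructed voice frame"                 # constructed sample data
LEG_A = Params(b"constructed-key-A", 7)            # UE 11 <-> RNC 31
LEG_B = Params(b"constructed-key-B", 99)           # RNC 32 <-> UE 21

if __name__ == "__main__":
    print("on :", call(VOICE, False, LEG_A, LEG_B, LEG_B))
    print("off:", call(VOICE, True, LEG_A, LEG_B, LEG_A))
    print("off, UE 21 with stale parameters:", call(VOICE, True, LEG_A, LEG_B, LEG_B))
```

With encryption/decryption off, the data between the RNCs is still ciphertext, and UE 21 recovers it only when its parameters match those of UE 11, including count C1.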
EP04255896A 2004-05-28 2004-09-27 Wireless communication system and encryption control method Withdrawn EP1601215A2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004158910 2004-05-28
JP2004158910A JP2005341348A (ja) 2004-05-28 2004-05-28 Wireless communication system and encryption control method

Publications (1)

Publication Number Publication Date
EP1601215A2 (de) 2005-11-30

Family

ID=34930698

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04255896A Withdrawn EP1601215A2 (de) 2004-05-28 2004-09-27 Wireless communication system and encryption control method

Country Status (3)

Country Link
US (1) US20050265551A1 (de)
EP (1) EP1601215A2 (de)
JP (1) JP2005341348A (de)

Also Published As

Publication number Publication date
US20050265551A1 (en) 2005-12-01
JP2005341348A (ja) 2005-12-08

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL HR LT LV MK

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20090522